66 lines
1.8 KiB
Python
66 lines
1.8 KiB
Python
"""
|
|
This file demonstrates writing tests using the unittest module. These will pass
|
|
when you run "manage.py test".
|
|
|
|
Replace this with more appropriate tests for your application.
|
|
"""
|
|
import base64
|
|
import pytest
|
|
|
|
from django.test import TestCase
|
|
from account.password_encryption import encrypt_ldap_password, \
|
|
decrypt_ldap_password
|
|
|
|
|
|
class PasswordEncryptionTest(TestCase):
|
|
"""
|
|
Test for the cbmi apps.
|
|
"""
|
|
TEST_LDAP_PASSWD = 'correcthorsebatterystaple'
|
|
|
|
def encrypt_it(self):
|
|
return encrypt_ldap_password(self.TEST_LDAP_PASSWD)
|
|
|
|
def test_encrypt_ldap_password(self):
|
|
message, key = self.encrypt_it()
|
|
print('key:', key)
|
|
print('message:', message)
|
|
|
|
def test_decrypt_ldap_password(self):
|
|
message, key = self.encrypt_it()
|
|
decrypted = decrypt_ldap_password(message, key)
|
|
self.assertEqual(self.TEST_LDAP_PASSWD, decrypted)
|
|
|
|
@pytest.mark.parametrize("password", [
|
|
"simplePassword123",
|
|
"pässwörd_mit_üöäß",
|
|
"",
|
|
" " * 10,
|
|
"🔐✨🚀",
|
|
])
|
|
def test_encrypt_decrypt_roundtrip(password):
|
|
encrypted, key = encrypt_ldap_password(password)
|
|
|
|
encrypted_bytes = base64.b64decode(encrypted)
|
|
key_bytes = base64.b64decode(key)
|
|
|
|
assert isinstance(encrypted, str)
|
|
assert isinstance(key, str)
|
|
assert len(key_bytes) == 16 # 128-bit AES
|
|
|
|
decrypted = decrypt_ldap_password(encrypted, key)
|
|
assert decrypted == password
|
|
|
|
|
|
def test_decryption_with_wrong_key_should_fail():
|
|
password = "correctPassword"
|
|
encrypted, key = encrypt_ldap_password(password)
|
|
|
|
wrong_key_bytes = base64.b64decode(key)
|
|
wrong_key_bytes = bytearray(wrong_key_bytes)
|
|
wrong_key_bytes[0] ^= 0xFF # Flip first bit
|
|
wrong_key = base64.b64encode(bytes(wrong_key_bytes)).decode()
|
|
|
|
with pytest.raises(Exception):
|
|
decrypt_ldap_password(encrypted, wrong_key)
|
|
|